ACME: zeroize buffers with private keys after use.

We trust the SSL library to securely clear the EVP_PKEY objects, but
all the places where we may store a PEM data should be cleared by us.

Author: bavshin-f5

Cargo.lock

@@ -17,6 +17,7 @@ openssl-foreign-types = { package = "foreign-types", version = "0.3" }
 openssl-sys = { version = "0.9.109", features = ["bindgen"] }
 siphasher = { version = "1.0.1", default-features = false }
 thiserror = { version = "2.0.12", default-features = false }
+zeroize = "1.8.1"
 
 [dependencies.nginx-sys]
 git = "https://github.com/nginx/ngx-rust"

Cargo.toml

@@ -16,6 +16,7 @@ use ngx::ngx_log_debug;
 use ngx::sync::RwLock;
 use openssl::pkey::{PKey, Private};
 use thiserror::Error;
+use zeroize::Zeroizing;
 
 use super::ext::NgxConfExt;
 use super::order::CertificateOrder;
@@ -256,7 +257,7 @@ impl Issuer {
                 }
             }
 
-            if let Ok(buf) = pkey.private_key_to_pem_pkcs8() {
+            if let Ok(buf) = pkey.private_key_to_pem_pkcs8().map(Zeroizing::new) {
                 // Ignore write errors.
                 let _ = state_dir.write(&path, &buf);
             }
@@ -349,7 +350,8 @@ impl StateDir {
         }
 
         let mut cert = CertificateContextInner::new_in(cf.pool());
-        cert.set(&chain, &pkey.private_key_to_pem_pkcs8()?, valid)?;
+        let pkey = Zeroizing::new(pkey.private_key_to_pem_pkcs8()?);
+        cert.set(&chain, &pkey, valid)?;
 
         Ok(cert)
     }

src/conf/issuer.rs

@@ -59,7 +59,7 @@ pub fn conf_read_private_key(
     _cf: &mut ngx_conf_t,
     name: &str,
 ) -> Result<PKey<Private>, CertificateFetchError> {
-    let Ok(buf) = std::fs::read_to_string(name) else {
+    let Ok(buf) = std::fs::read_to_string(name).map(zeroize::Zeroizing::new) else {
         return Err(CertificateFetchError::Fetch(c"cannot load key"));
     };
 

src/conf/ssl.rs

@@ -2,6 +2,7 @@ use ngx::allocator::{AllocError, Allocator, TryCloneIn};
 use ngx::collections::Vec;
 use ngx::core::{Pool, SlabPool};
 use ngx::sync::RwLock;
+use zeroize::Zeroize;
 
 use crate::time::{jitter, Time, TimeRange};
 
@@ -110,6 +111,10 @@ where
                 .try_reserve_exact(PREFIX.len() + pkey.len())
                 .map_err(|_| AllocError)?;
 
+            // Zeroize is not implemented for allocator-api2 types.
+            self.chain.as_mut_slice().zeroize();
+            self.pkey.as_mut_slice().zeroize();
+
             self.chain = new_chain;
             self.pkey = new_pkey;
         }
@@ -150,3 +155,14 @@ where
         None
     }
 }
+
+impl<A> Drop for CertificateContextInner<A>
+where
+    A: Allocator + Clone,
+{
+    fn drop(&mut self) {
+        // Zeroize is not implemented for allocator-api2 types.
+        self.chain.as_mut_slice().zeroize();
+        self.pkey.as_mut_slice().zeroize();
+    }
+}